Answer the question
In order to leave comments, you need to log in
What are the systems certified by the FSTEC, in accordance with Order No. 31?
Good day.
Because The search did not return the desired results, I write here.
I ask you to give examples of SI systems developed for automated process control systems at the KVO. I understand that, most likely, this information needs clearance. But what if I get lucky?
Answer the question
In order to leave comments, you need to log in
There is no mandatory certification of information security facilities in Order 31. There is a mandatory conformity assessment, this is a consequence of the fact that not all industrial processes have certified solutions.
If you use certified information security facilities, then there is no separate certification line for process control systems. Use the State Register of information security facilities , and the requirements for protection classes from paragraph 24 of paragraph 31 of the order.
FSTEC explained this in its informational message
3. On the use of information security tools in automated control systems for production and technological processes.
In accordance with paragraph 11 of the Requirements approved by the order of the FSTEC of Russia dated March 14, 2014 N 31, automated control systems for production and technological processes use information security tools that have passed conformity assessment in accordance with the legislation of the Russian Federation on technical regulation.
At the same time, the forms for assessing the conformity of information security tools are established by Part 3 of Article 7 of the Federal Law of December 27, 2002 N 184-FZ "On Technical Regulation" (tests, confirmation of conformity (mandatory certification, voluntary certification, declaration of conformity), acceptance and entry into exploitation, other forms).
In accordance with paragraph 13 of the Requirements approved by the order of the FSTEC of Russia dated March 14, 2014 N 31, the requirements for the protection of information in an automated control system for production and technological processes are established by the customer and are included in the terms of reference for the creation (modernization) of an automated control system and (or ) terms of reference (private terms of reference) for the creation of a protection system for an automated control system.
Thus, in the automated control system, information security tools are used that have passed the conformity assessment in the form established by the customer in the terms of reference in accordance with the Federal Law "On Technical Regulation".
At the same time, paragraph 24 of the Requirements approved by the order of the FSTEC of Russia dated March 14, 2014 N 31 establishes the classes of information security tools used in the automated control system for production and technological processes, if the customer decides to use information security tools that have been assessed for compliance in the form of mandatory certification.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question